Songlan

**Name of the Vulnerable Software and Affected Versions** tittuvarghese CollegeManagementSystem (affected versions not specified) **Description** A flaw in the `session start()` function within the '/login-form.php' file allows for session fixation. This occurs when a remote attacker manipulates the `UserAuthData` argument. Session fixation is a technique where an attacker forces a specific session identifier on a user to hijack their session after they authenticate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.